On the Complexity of ATL and ATL* Module Checking

Module checking has been introduced in late 1990s to verify open systems, i.e., systems whose behavior depends on the continuous interaction with the environment. Classically, module checking has been investigated with respect to specifications given as CTL and CTL* formulas. Recently, it has been shown that CTL (resp., CTL*) module checking offers a distinctly different perspective from the better-known problem of ATL (resp., ATL*) model checking. In particular, ATL (resp., ATL*) module checking strictly enhances the expressiveness of both CTL (resp., CTL*) module checking and ATL (resp. ATL*) model checking. In this paper, we provide asymptotically optimal bounds on the computational cost of module checking against ATL and ATL*, whose upper bounds are based on an automata-theoretic approach. We show that module-checking for ATL is EXPTIME-complete, which is the same complexity of module checking against CTL. On the other hand, ATL* module checking turns out to be 3EXPTIME-complete, hence exponentially harder than CTL* module checking.Comment: In Proceedings GandALF 2017, arXiv:1709.0176

Indefinite waitings in MIRELA systems

MIRELA is a high-level language and a rapid prototyping framework dedicated to systems where virtual and digital objects coexist in the same environment and interact in real time. Its semantics is given in the form of networks of timed automata, which can be checked using symbolic methods. This paper shows how to detect various kinds of indefinite waitings in the components of such systems. The method is experimented using the PRISM model checker.Comment: In Proceedings ESSS 2015, arXiv:1506.0325

Integrating model checking with HiP-HOPS in model-based safety analysis

The ability to perform an effective and robust safety analysis on the design of modern safety–critical systems is crucial. Model-based safety analysis (MBSA) has been introduced in recent years to support the assessment of complex system design by focusing on the system model as the central artefact, and by automating the synthesis and analysis of failure-extended models. Model checking and failure logic synthesis and analysis (FLSA) are two prominent MBSA paradigms. Extensive research has placed emphasis on the development of these techniques, but discussion on their integration remains limited. In this paper, we propose a technique in which model checking and Hierarchically Performed Hazard Origin and Propagation Studies (HiP-HOPS) – an advanced FLSA technique – can be applied synergistically with benefit for the MBSA process. The application of the technique is illustrated through an example of a brake-by-wire system

MCMAS-SLK: A Model Checker for the Verification of Strategy Logic Specifications

We introduce MCMAS-SLK, a BDD-based model checker for the verification of systems against specifications expressed in a novel, epistemic variant of strategy logic. We give syntax and semantics of the specification language and introduce a labelling algorithm for epistemic and strategy logic modalities. We provide details of the checker which can also be used for synthesising agents' strategies so that a specification is satisfied by the system. We evaluate the efficiency of the implementation by discussing the results obtained for the dining cryptographers protocol and a variant of the cake-cutting problem

Fully Observable Non-deterministic Planning as Assumption-Based Reactive Synthesis

We contribute to recent efforts in relating two approaches to automatic synthesis, namely, automated planning and discrete reactive synthesis. First, we develop a declarative characterization of the standard “fairness” assumption on environments in non-deterministic planning, and show that strong-cyclic plans are correct solution concepts for fair environments. This complements, and arguably completes, the existing foundational work on non-deterministic planning, which focuses on characterizing (and computing) plans enjoying special “structural” properties, namely loopy but closed policy structures. Second, we provide an encoding suitable for reactive synthesis that avoids the naive exponential state space blowup. To do so, special care has to be taken to specify the fairness assumption on the environment in a succinct manner.Fil: D'ippolito, Nicolás Roque. Consejo Nacional de Investigaciones Científicas y Técnicas. Oficina de Coordinación Administrativa Ciudad Universitaria. Instituto de Investigación en Ciencias de la Computación. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Instituto de Investigación en Ciencias de la Computación; ArgentinaFil: Rodriguez, Natalia. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Departamento de Computación; ArgentinaFil: Sardina, Sebastian. RMIT University; Australi